diff --git a/src/main/java/io/spring/api/UsersApi.java b/src/main/java/io/spring/api/UsersApi.java index 8126e2b..bf5fdb5 100644 --- a/src/main/java/io/spring/api/UsersApi.java +++ b/src/main/java/io/spring/api/UsersApi.java @@ -3,6 +3,7 @@ package io.spring.api; import com.fasterxml.jackson.annotation.JsonRootName; import io.spring.api.exception.InvalidRequestException; import io.spring.application.user.UserQueryService; +import io.spring.core.user.EncryptService; import io.spring.core.user.User; import io.spring.core.user.UserRepository; import lombok.Getter; @@ -12,32 +13,36 @@ import org.hibernate.validator.constraints.NotBlank; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Value; import org.springframework.http.ResponseEntity; -import org.springframework.security.core.annotation.AuthenticationPrincipal; import org.springframework.validation.BindingResult; import org.springframework.web.bind.annotation.RequestBody; -import org.springframework.web.bind.annotation.RequestHeader; import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.RestController; import javax.validation.Valid; +import java.util.Optional; + +import static org.springframework.web.bind.annotation.RequestMethod.POST; + @RestController public class UsersApi { private UserRepository userRepository; private UserQueryService userQueryService; private String defaultImage; + private EncryptService encryptService; @Autowired public UsersApi(UserRepository userRepository, UserQueryService userQueryService, + EncryptService encryptService, @Value("${image.default}") String defaultImage) { this.userRepository = userRepository; this.userQueryService = userQueryService; + this.encryptService = encryptService; this.defaultImage = defaultImage; } - @RequestMapping(path = "/users", method = RequestMethod.POST) + @RequestMapping(path = "/users", method = POST) public ResponseEntity createUser(@Valid @RequestBody RegisterParam registerParam, BindingResult bindingResult) { if (bindingResult.hasErrors()) { throw new InvalidRequestException(bindingResult); @@ -54,12 +59,34 @@ public class UsersApi { User user = new User( registerParam.getEmail(), registerParam.getUsername(), - registerParam.getPassword(), + encryptService.encrypt(registerParam.getPassword()), "", defaultImage); userRepository.save(user); - return ResponseEntity.status(201).body(userQueryService.fetchCreatedUser(user.getUsername())); + return ResponseEntity.status(201).body(userQueryService.fetchNewAuthenticatedUser(user.getUsername())); } + + @RequestMapping(path = "/users/login", method = POST) + public ResponseEntity userLogin(@Valid @RequestBody LoginParam loginParam, BindingResult bindingResult) { + Optional optional = userRepository.findByEmail(loginParam.getEmail()); + if (optional.isPresent() && encryptService.check(loginParam.getPassword(), optional.get().getPassword())) { + return ResponseEntity.ok(userQueryService.fetchNewAuthenticatedUser(optional.get().getUsername())); + } else { + bindingResult.rejectValue("password", "INVALID", "invalid email or password"); + throw new InvalidRequestException(bindingResult); + } + } +} + +@Getter +@JsonRootName("user") +@NoArgsConstructor +class LoginParam { + @NotBlank(message = "can't be empty") + @Email(message = "should be an email") + private String email; + @NotBlank(message = "can't be empty") + private String password; } @Getter diff --git a/src/main/java/io/spring/application/user/UserQueryService.java b/src/main/java/io/spring/application/user/UserQueryService.java index 1c0cec0..90540a3 100644 --- a/src/main/java/io/spring/application/user/UserQueryService.java +++ b/src/main/java/io/spring/application/user/UserQueryService.java @@ -15,7 +15,7 @@ public class UserQueryService { this.jwtService = jwtService; } - public UserWithToken fetchCreatedUser(String username) { + public UserWithToken fetchNewAuthenticatedUser(String username) { UserData userData = userReadService.findOne(username); return new UserWithToken(userData, jwtService.toToken(userData)); } diff --git a/src/main/java/io/spring/core/user/EncryptService.java b/src/main/java/io/spring/core/user/EncryptService.java new file mode 100644 index 0000000..95eba6c --- /dev/null +++ b/src/main/java/io/spring/core/user/EncryptService.java @@ -0,0 +1,6 @@ +package io.spring.core.user; + +public interface EncryptService { + String encrypt(String password); + boolean check(String checkPassword, String realPassword); +} diff --git a/src/main/java/io/spring/infrastructure/user/NaiveEncryptService.java b/src/main/java/io/spring/infrastructure/user/NaiveEncryptService.java new file mode 100644 index 0000000..8a44ad6 --- /dev/null +++ b/src/main/java/io/spring/infrastructure/user/NaiveEncryptService.java @@ -0,0 +1,17 @@ +package io.spring.infrastructure.user; + +import io.spring.core.user.EncryptService; +import org.springframework.stereotype.Service; + +@Service +public class NaiveEncryptService implements EncryptService { + @Override + public String encrypt(String password) { + return password; + } + + @Override + public boolean check(String checkPassword, String realPassword) { + return checkPassword.equals(realPassword); + } +} diff --git a/src/test/java/io/spring/api/CurrentUserApiTest.java b/src/test/java/io/spring/api/CurrentUserApiTest.java index 2cb1588..1f2bf9f 100644 --- a/src/test/java/io/spring/api/CurrentUserApiTest.java +++ b/src/test/java/io/spring/api/CurrentUserApiTest.java @@ -70,4 +70,26 @@ public class CurrentUserApiTest { .body("user.image", equalTo("https://static.productionready.io/images/smiley-cyrus.jpg")) .body("user.token", equalTo(token)); } + + @Test + public void should_get_401_without_token() throws Exception { + given() + .contentType("application/json") + .when() + .get("/user") + .then() + .statusCode(401); + + } + + @Test + public void should_get_401_with_invalid_token() throws Exception { + given() + .contentType("application/json") + .header("Authorization", "Token asdfasd") + .when() + .get("/user") + .then() + .statusCode(401); + } } diff --git a/src/test/java/io/spring/api/UsersApiTest.java b/src/test/java/io/spring/api/UsersApiTest.java index a120a4c..ccb8870 100644 --- a/src/test/java/io/spring/api/UsersApiTest.java +++ b/src/test/java/io/spring/api/UsersApiTest.java @@ -6,7 +6,6 @@ import io.spring.application.user.UserData; import io.spring.application.user.UserReadService; import io.spring.core.user.User; import io.spring.core.user.UserRepository; -import io.spring.infrastructure.service.DefaultJwtService; import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; @@ -21,7 +20,6 @@ import java.util.Optional; import static io.restassured.RestAssured.given; import static org.hamcrest.core.IsEqual.equalTo; -import static org.junit.Assert.*; import static org.mockito.Matchers.any; import static org.mockito.Matchers.eq; import static org.mockito.Mockito.verify; @@ -41,11 +39,13 @@ public class UsersApiTest { @MockBean private UserReadService userReadService; + private String defaultAvatar; @Before public void setUp() throws Exception { RestAssured.port = port; + defaultAvatar = "https://static.productionready.io/images/smiley-cyrus.jpg"; } @Test @@ -54,7 +54,7 @@ public class UsersApiTest { String username = "johnjacob"; when(jwtService.toToken(any())).thenReturn("123"); - UserData userData = new UserData(email, username, "", "https://static.productionready.io/images/smiley-cyrus.jpg"); + UserData userData = new UserData(email, username, "", defaultAvatar); when(userReadService.findOne(eq(username))).thenReturn(userData); when(userRepository.findByUsername(eq(username))).thenReturn(Optional.empty()); @@ -72,7 +72,7 @@ public class UsersApiTest { .body("user.email", equalTo(email)) .body("user.username", equalTo(username)) .body("user.bio", equalTo("")) - .body("user.image", equalTo("https://static.productionready.io/images/smiley-cyrus.jpg")) + .body("user.image", equalTo(defaultAvatar)) .body("user.token", equalTo("123")); verify(userRepository).save(any()); @@ -167,4 +167,67 @@ public class UsersApiTest { }}); }}; } + + @Test + public void should_login_success() throws Exception { + String email = "john@jacob.com"; + String username = "johnjacob2"; + String password = "123"; + + User user = new User(email, username, password, "", defaultAvatar); + UserData userData = new UserData(email, username, "", defaultAvatar); + + when(userRepository.findByEmail(eq(email))).thenReturn(Optional.of(user)); + when(userReadService.findOne(eq(username))).thenReturn(userData); + when(jwtService.toToken(any())).thenReturn("123"); + + Map param = new HashMap() {{ + put("user", new HashMap() {{ + put("email", email); + put("password", password); + }}); + }}; + + given() + .contentType("application/json") + .body(param) + .when() + .post("/users/login") + .then() + .statusCode(200) + .body("user.email", equalTo(email)) + .body("user.username", equalTo(username)) + .body("user.bio", equalTo("")) + .body("user.image", equalTo(defaultAvatar)) + .body("user.token", equalTo("123"));; + } + + @Test + public void should_fail_login_with_wrong_password() throws Exception { + String email = "john@jacob.com"; + String username = "johnjacob2"; + String password = "123"; + + User user = new User(email, username, password, "", defaultAvatar); + UserData userData = new UserData(email, username, "", defaultAvatar); + + when(userRepository.findByEmail(eq(email))).thenReturn(Optional.of(user)); + when(userReadService.findOne(eq(username))).thenReturn(userData); + + Map param = new HashMap() {{ + put("user", new HashMap() {{ + put("email", email); + put("password", "123123"); + }}); + }}; + + given() + .contentType("application/json") + .body(param) + .when() + .post("/users/login") + .then() + .statusCode(422) + .body("errors.password[0]", equalTo("invalid email or password")); + } } \ No newline at end of file